Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0778

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.

Published

2007-02-26T20:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 1.5.0.10	Yes
Application	mozilla	firefox	< 2.0.0.2	Yes
Application	mozilla	seamonkey	< 1.0.8	Yes
Operating System	canonical	ubuntu_linux	5.10	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes
Operating System	debian	debian_linux	3.1	Yes

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc Broken Link ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc Broken Link ([email protected])
http://fedoranews.org/cms/node/2713 Broken Link ([email protected])
http://fedoranews.org/cms/node/2728 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link ([email protected])
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html Broken Link ([email protected])
http://rhn.redhat.com/errata/RHSA-2007-0077.html Third Party Advisory ([email protected])
http://secunia.com/advisories/24205 Third Party Advisory ([email protected])
http://secunia.com/advisories/24238 Third Party Advisory ([email protected])
http://secunia.com/advisories/24287 Third Party Advisory ([email protected])
http://secunia.com/advisories/24290 Third Party Advisory ([email protected])
http://secunia.com/advisories/24293 Third Party Advisory ([email protected])
http://secunia.com/advisories/24320 Third Party Advisory ([email protected])
http://secunia.com/advisories/24328 Third Party Advisory ([email protected])
http://secunia.com/advisories/24333 Third Party Advisory ([email protected])
http://secunia.com/advisories/24342 Third Party Advisory ([email protected])
http://secunia.com/advisories/24343 Third Party Advisory ([email protected])
http://secunia.com/advisories/24384 Third Party Advisory ([email protected])
http://secunia.com/advisories/24393 Third Party Advisory ([email protected])
http://secunia.com/advisories/24395 Third Party Advisory ([email protected])
http://secunia.com/advisories/24437 Third Party Advisory ([email protected])
http://secunia.com/advisories/24455 Third Party Advisory ([email protected])
http://secunia.com/advisories/24457 Third Party Advisory ([email protected])
http://secunia.com/advisories/24650 Third Party Advisory ([email protected])
http://secunia.com/advisories/25588 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200703-04.xml Third Party Advisory ([email protected])
http://securitytracker.com/id?1017699 Third Party Advisory, VDB Entry ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 Mailing List, Third Party Advisory ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1336 Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html Patch, Vendor Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html Broken Link ([email protected])
http://www.osvdb.org/32110 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0078.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0079.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0097.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0108.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/461336/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/461809/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/22694 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-428-1 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/0718 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0083 Third Party Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=347852 Issue Tracking ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/32671 Third Party Advisory, VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-1081 Broken Link ([email protected])
https://issues.rpath.com/browse/RPL-1103 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151 Broken Link ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc Broken Link (af854a3a-2127-422b-91ae-364da2661108)
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/cms/node/2713 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/cms/node/2728 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2007-0077.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24205 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24238 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24287 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24290 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24293 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24320 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24328 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24333 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24342 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24343 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24384 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24393 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24395 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24437 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24455 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24457 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24650 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25588 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200703-04.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017699 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1336 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/32110 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0078.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0079.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0097.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0108.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/461336/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/461809/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22694 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-428-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0718 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0083 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=347852 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32671 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1081 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1103 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151 Broken Link (af854a3a-2127-422b-91ae-364da2661108)